Tuts 4 You

Network monitor for https?


LCF-AT

Hi guys,

I just have another small question about monitoring tools. I am still looking for a tool that can monitor all traffic from the computer to the internet (not only the browser), similar to Wireshark but simpler. On the internet I found different tools; I have tested some of them and see that they only capture the HTTP protocol and not HTTPS, like the tools from this site...

http://www.nirsoft.net/network_tools.html

...many helpful and easy-to-use tools, but no HTTPS support. Does anyone know some similar simple tools that support HTTPS, where I can check request & response headers? No matter whether WinInet / Windows Socket etc. functions are used.

greetz

whoknows
https://www.charlesproxy.com/
https://www.telerik.com/fiddler

 

NeWOT

damn so you can unpack themida but you can't search?

 

Teddy Rogers

There is nothing wrong with posting asking for recommendations for suitable tools. Some people here may have useful advice and tips to share about a particular tool. We can't all be proficient in everything...

Ted.

Progman

Windows API monitoring tools might also be suitable for this purpose.  Since you are dealing with HTTPS, F12 in the web browser is the simplest for me usually :D

Loki

Do these tools act as a network-level sniffer like Wireshark, or more like a proxy? Fairly sure it's the latter, which is a different ask (capturing everything vs. capturing stuff from an app you have set to go through a proxy).

Xyl2k

Telerik Fiddler or ZAP proxy is what you need. For HTTPS you need to forge a certificate to get the traffic in the 'clear'; both Fiddler and ZAP proxy can do that. Otherwise you can also install pfSense on a VM and add the Squid proxy package, then redirect everything to it. That's what I do on some of my machines: all my network cards are deactivated on Windows and all my internet traffic is sent into my pfSense VM. I also have a Debian in a secondary VM which runs and saves all syslog; it acts as a 'log vault', and every app on Windows that wants to 'internet' has its own user/pass for the Squid proxy. It took a bit of time to install all of this and maintain it, but it makes reading logs easier, and I also have a whitelist with filterdns and pfBlockerNG. It's a very paranoid setup but it works well. And in case of an attack I guess I'm going to have enough data to see what has gone wrong and how.

Kurapica

@Loki

HTTP debugger is able to intercept and modify traffic too, I think it's decent for seeing what happens in the background with an easy to use GUI

I'm not promoting it but it saved me much time when I was testing some activation process via HTTP in the background

Xyl2k

I wouldn't recommend HTTP Debugger, HTTP Analyzer, and all those similar paid software when you have freeware like Fiddler, etc. that have the same features. You can also put a 'breakpoint' with Fiddler, like HTTP Debugger, to modify HTTP requests on the fly or 'repeat' them.

Loki
7 hours ago, Kurapica said:

@Loki

HTTP debugger is able to intercept and modify traffic too, I think it's decent for seeing what happens in the background with an easy to use GUI

I'm not promoting it but it saved me much time when I was testing some activation process via HTTP in the background

Nice one. I generally use Fiddler but have seen stuff bypass it too and could only capture via Wireshark, hence the question. Not tried HTTP Debugger though :)

LCF-AT

Hi guys,

thanks for your answers so far.

1.) As I said, I am looking for a tool that can capture all incoming / outgoing traffic from my PC (Windows Socket / WinInet / etc., all), not just my browser.

2.) It should support HTTPS capturing = logging sent / received request / response header data. A certificate must be used / set up for this to decrypt.

Those are the basic features I am looking for. So the Fiddler tool can't do that; also it doesn't support Windows Socket functions to log running apps on my PC, only WinInet works.

greetz

Xyl2k

install pfSense then
